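64) {
            $key = pack('H*', sha1($key));
        }
        // NOTE(review): this is the tail of a method that begins before this
        // excerpt; its statements are reproduced unchanged. The visible part is
        // the usual HMAC construction (64-byte block, 0x36 / 0x5c pads) over
        // SHA-1, returned base64-encoded. hash_hmac('sha1', $data, $key, true)
        // presumably yields the same bytes; confirm against the unseen start
        // before swapping it in.
        $key = str_pad($key, 64, chr(0x00));
        $ipad = str_repeat(chr(0x36), 64);
        $opad = str_repeat(chr(0x5c), 64);
        $hmac = pack(
            'H*',
            sha1(
                ($key ^ $opad) . pack(
                    'H*',
                    sha1(
                        ($key ^ $ipad) . $data
                    )
                )
            )
        );
        return base64_encode($hmac);
    }

    /**
     * Build the query string of a time-limited GET link for an S3 object.
     *
     * The string to sign ("GET\n\n\n<expires>\n/<bucket>/<key>") and the
     * AWSAccessKeyId / Expires / Signature parameter names follow AWS
     * Signature Version 2 query-string authentication, signed through
     * lazySignature() (HMAC-SHA1).
     *
     * NOTE(review): Signature Version 2 is a legacy scheme; AWS regions opened
     * since 2014 accept only Signature Version 4. Plan a migration to a
     * SigV4 presigned URL. Whoever holds the returned query string can read
     * the object until the Expires timestamp, so treat it like a credential
     * and keep AWSOAuth::$MINUTES_EXPIRES short.
     *
     * @param string $bucket   Bucket name, used verbatim in the signed path.
     * @param string $fileName Object key; leading slashes are stripped and the
     *                         rest is RFC 3986 encoded with "/" preserved.
     * @return string URL-encoded query string (without a leading "?").
     */
    public function getFileSecureParams($bucket, $fileName)
    {
        // Absolute expiry as a Unix timestamp; the minutes setting may be fractional.
        $expires = time() + intval(floatval(AWSOAuth::$MINUTES_EXPIRES) * 60);

        $fileName = str_replace('%2F', '/', rawurlencode(ltrim($fileName, '/')));
        $signpath = '/' . $bucket . '/' . $fileName;

        // The two empty fields are the Content-MD5 and Content-Type slots of the
        // SigV2 string to sign, both unused for a plain GET.
        $signsz = implode("\n", array('GET', '', '', $expires, $signpath));
        $signature = $this->lazySignature(AWSOAuth::$SECRET_KEY, $signsz);

        return http_build_query(array(
            'AWSAccessKeyId' => AWSOAuth::$ACCESS_KEY,
            'Expires' => $expires,
            'Signature' => $signature,
        ));
    }

    /**
     * Produce SigV4 header-authentication material for uploading an object.
     *
     * Signs a PUT with the write key pair and the "UNSIGNED-PAYLOAD" content
     * hash, so the signature authorises a PUT to this key but does not bind
     * the bytes that are uploaded. Hand the returned headers only to parties
     * that are allowed to write arbitrary content to that key.
     *
     * @param string $bucket   Bucket name (becomes the host prefix).
     * @param string $region   Region used in the credential scope.
     * @param string $filePath Object path; a leading "/" is added when missing.
     * @param string $params   Optional raw query string including the "?".
     * @return array Keys: clean_file, url, canonical_request, string_to_sign,
     *               signature, headers.
     */
    public function putFileSecureParams($bucket, $region, $filePath, $params = "")
    {
        return $this->buildSignedS3Request(
            "PUT",
            AWSOAuth::$WRITE_ACCESS_KEY,
            AWSOAuth::$WRITE_SECRET_KEY,
            "UNSIGNED-PAYLOAD",
            $bucket,
            $region,
            $filePath,
            $params,
            false
        );
    }

    /**
     * Produce SigV4 header-authentication material for downloading an object.
     *
     * Signs a GET with the read key pair; the content hash is the SHA-256 of
     * the empty string because a GET carries no body.
     *
     * @param string $bucket   Bucket name (becomes the host prefix).
     * @param string $region   Region used in the credential scope.
     * @param string $filePath Object path; a leading "/" is added when missing.
     * @param string $params   Optional raw query string including the "?".
     * @return array Keys: clean_file, url, canonical_request, string_to_sign,
     *               signature, authorization, headers.
     */
    public function getFileSecureParams2($bucket, $region, $filePath, $params = "")
    {
        return $this->buildSignedS3Request(
            "GET",
            AWSOAuth::$ACCESS_KEY,
            AWSOAuth::$SECRET_KEY,
            hash('sha256', ''),
            $bucket,
            $region,
            $filePath,
            $params,
            true
        );
    }

    /**
     * Shared SigV4 signing routine behind putFileSecureParams() and
     * getFileSecureParams2().
     *
     * No expiry is encoded in the result: header-signed requests are accepted
     * by S3 only within its clock-skew window around x-amz-date (about 15
     * minutes per the AWS documentation), which is why the former unused
     * $timeToLive = 3600 local was dropped rather than kept as a misleading hint.
     *
     * NOTE(review): $bucket and $params are concatenated into the URL as given
     * and the signed host is re-derived from that URL, so callers should pass
     * validated values. canonical_request, string_to_sign and signature are
     * returned for diagnostics; confirm callers do not forward or log more of
     * them than the client needs.
     *
     * @param string $method              HTTP verb placed in the canonical request.
     * @param string $accessKey           Access key id for the Credential field.
     * @param string $secretKey           Secret key used to derive the signing key.
     * @param string $contentHash         Value of x-amz-content-sha256.
     * @param string $bucket              Bucket name.
     * @param string $region              Region for the credential scope.
     * @param string $filePath            Object path.
     * @param string $params              Raw query string including "?" or "".
     * @param bool   $exposeAuthorization Also return the header value under "authorization".
     * @return array
     */
    private function buildSignedS3Request($method, $accessKey, $secretKey, $contentHash, $bucket, $region, $filePath, $params, $exposeAuthorization)
    {
        $result = array();

        $cleanFilePath = str_replace("%2F", "/", rawurlencode($filePath));
        // Without a leading slash the path would be glued onto the hostname,
        // changing the host that is signed and returned; SigV4 also requires
        // "/" as the canonical URI of an empty path.
        if (strncmp($cleanFilePath, "/", 1) !== 0) {
            $cleanFilePath = "/" . $cleanFilePath;
        }
        $result['clean_file'] = $cleanFilePath;

        $url = "https://" . $bucket . ".s3.amazonaws.com" . $cleanFilePath . $params;
        $result["url"] = $url;

        $now = time();
        $longDate = gmdate("Ymd\THis\Z", $now);
        $shortDate = gmdate("Ymd", $now);
        $service = "s3";
        $algorithm = "AWS4-HMAC-SHA256";

        $scope = $shortDate . "/" . $region . "/" . $service . "/aws4_request";
        $credentialString = $accessKey . "/" . $scope;

        $headers = array();
        $headers["host"] = parse_url($url, PHP_URL_HOST);
        $headers["x-amz-content-sha256"] = $contentHash;
        $headers["x-amz-date"] = $longDate;
        ksort($headers);
        $signedHeaders = implode(";", array_keys($headers));

        // parse_url() returns null when the URL has no query; parse_str() must
        // be given a string (passing null is deprecated since PHP 8.1).
        $rawQuery = parse_url($url, PHP_URL_QUERY);
        $queryParams = array();
        parse_str(is_string($rawQuery) ? $rawQuery : '', $queryParams);
        ksort($queryParams);
        // SigV4 canonical query strings use RFC 3986 encoding (space => %20);
        // the http_build_query() default would emit "+" and break the signature.
        $query = http_build_query($queryParams, '', '&', PHP_QUERY_RFC3986);

        $canonicalRequest = $this->generateCanonicalRequest($headers, $method, $cleanFilePath, $query, $signedHeaders, $contentHash);
        $result["canonical_request"] = $canonicalRequest;

        $stringToSign = $this->generateStringToSign($canonicalRequest, $algorithm, $longDate, $scope);
        $result["string_to_sign"] = $stringToSign;

        $signature = $this->generateSignature($secretKey, $shortDate, $region, $service, $stringToSign);
        $result["signature"] = $signature;

        $authorizationString = $this->generateAuthorization($credentialString, $signedHeaders, $signature, $algorithm);
        $headers["Authorization"] = $authorizationString;
        if ($exposeAuthorization) {
            $result["authorization"] = $authorizationString;
        }

        // The HTTP client sets Host itself; it was only needed for signing.
        unset($headers['host']);
        $result["headers"] = $headers;

        return $result;
    }

    /**
     * Assemble the value of the SigV4 Authorization header.
     *
     * @param string $credentialString "<access key>/<scope>".
     * @param string $signedHeaders    Semicolon-separated signed header names.
     * @param string $signature        Hex signature from generateSignature().
     * @param string $algorithm        Algorithm label placed first.
     * @return string "<algorithm> Credential=...,SignedHeaders=...,Signature=..."
     */
    public function generateAuthorization($credentialString, $signedHeaders, $signature, $algorithm)
    {
        $fields = array(
            "Credential=" . $credentialString,
            "SignedHeaders=" . $signedHeaders,
            "Signature=" . $signature,
        );

        return $algorithm . " " . implode(",", $fields);
    }

    /**
     * Derive the SigV4 signing key and sign the string to sign.
     *
     * The key is derived by chaining HMAC-SHA256 over date, region, service
     * and the literal "aws4_request", starting from "AWS4" . $secretKey, so
     * the long-term secret itself never signs request data directly.
     *
     * @param string $secretKey    Secret access key.
     * @param string $shortDate    Date in Ymd form, matching the scope.
     * @param string $region       Region, matching the scope.
     * @param string $service      Service name, matching the scope.
     * @param string $stringToSign Output of generateStringToSign().
     * @return string Lowercase hex HMAC-SHA256 signature.
     */
    public function generateSignature($secretKey, $shortDate, $region, $service, $stringToSign)
    {
        // Intermediate keys are raw binary (fourth argument true).
        $signingKey = hash_hmac("sha256", $shortDate, "AWS4" . $secretKey, true);
        foreach (array($region, $service, "aws4_request") as $scopePart) {
            $signingKey = hash_hmac("sha256", $scopePart, $signingKey, true);
        }

        return hash_hmac("sha256", $stringToSign, $signingKey);
    }

    /**
     * Build the SigV4 string to sign.
     *
     * @param string $canonicalRequest Output of generateCanonicalRequest().
     * @param string $algorithm        Algorithm label.
     * @param string $longDate         Timestamp in Ymd\THis\Z form.
     * @param string $scope            Credential scope.
     * @return string Algorithm, timestamp, scope and the hex SHA-256 of the
     *                canonical request, joined by newlines.
     */
    public function generateStringToSign($canonicalRequest, $algorithm, $longDate, $scope)
    {
        return implode("\n", array(
            $algorithm,
            $longDate,
            $scope,
            hash("sha256", $canonicalRequest),
        ));
    }

    /**
     * Build the SigV4 canonical request.
     *
     * Header names and values are used exactly as given: callers must pass
     * lowercase names, already sorted, with values free of surrounding
     * whitespace, and $signedHeaders must list the same names.
     *
     * @param array  $headers       Map of header name => value.
     * @param string $method        HTTP verb.
     * @param string $filePath      Canonical (encoded) URI path.
     * @param string $query         Canonical query string.
     * @param string $signedHeaders Semicolon-separated header names.
     * @param string $contentHash   Payload hash or "UNSIGNED-PAYLOAD".
     * @return string
     */
    public function generateCanonicalRequest($headers, $method, $filePath, $query, $signedHeaders, $contentHash)
    {
        $headerLines = array();
        foreach ($headers as $name => $value) {
            $headerLines[] = $name . ":" . $value;
        }

        return implode("\n", array(
            $method,
            $filePath,
            $query,
            implode("\n", $headerLines),
            // Empty element: terminates the last header line and leaves the
            // blank separator the format expects before the signed-header list.
            '',
            $signedHeaders,
            $contentHash,
        ));
    }
}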